Merge pull request 'feat: add rundeck runner user' (#130) from neoloc/rundeck_user into develop

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/130
2024-08-06 22:36:54 +10:00 · 2024-08-06 22:36:54 +10:00 · 20ee6fa19e
commit 20ee6fa19e
parent 8e0f26e726 c846cc4e21
5 changed files with 37 additions and 0 deletions
--- a/hieradata/common.yaml
+++ b/hieradata/common.yaml
@ -142,6 +142,7 @@ hiera_include:
  - timezone
  - networking
  - ssh::server
  - profiles::accounts::rundeck
 profiles::ntp::client::ntp_role: 'roles::infra::ntp::server'
 profiles::ntp::client::use_ntp: 'region'
@ -305,6 +306,8 @@ sudo::configs:
 profiles::accounts::sysadmin::sshkeys:
  - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDZ8SRLlPiDylBpdWR9LpvPg4fDVD+DZst4yRPFwMMhta4mnB1H9XuvZkptDhXywWQ7QIcqa2WbhCen0OQJCtwn3s7EYtacmF5MxmwBYocPoK2AArGuh6NA9rwTdLrPdzhZ+gwe88PAzRLNzjm0ZBR+mA9saMbPJdqpKp0AWeAM8QofRQAWuCzQg9i0Pn1KDMvVDRHCZof4pVlHSTyHNektq4ifovn0zhKC8jD/cYu95mc5ftBbORexpGiQWwQ3HZw1IBe0ZETB1qPIPwsoJpt3suvMrL6T2//fcIIUE3TcyJKb/yhztja4TZs5jT8370G/vhlT70He0YPxqHub8ZfBv0khlkY93VBWYpNGJwM1fVqlw7XbfBNdOuJivJac8eW317ZdiDnKkBTxapThpPG3et9ib1HoPGKRsd/fICzNz16h2R3tddSdihTFL+bmTCa6Lo+5t5uRuFjQvhSLSgO2/gRAprc3scYOB4pY/lxOFfq3pU2VvSJtRgLNEYMUYKk= ben@unkin.net
 profiles::accounts::rundeck::sshkeys:
  - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQD4F7VcorbGpyZzBFexz7c/o1JBscrl7hZU0UkWV7fq6YLizW0r6fOzD99hMwu1kdYCjPxbvuUSDEHfyBIp2EgLWU6wFVoufQqlMyOV85+ivQZUc1VNV+X9T+U4v3u/01hkAmlpXtbkwhMSR4Wi+tdABd04+D3CuMDM37mvnFmBBmi41X4Mr1rJhOQumn1XHQ7EYbsdw2mxfEVVeWpZIHz5BjNKSGzEIAYZbFt6s0Y7X3J5RT+Gjqmu043Tc8nNIUFlR9E10qd3Euf9RiBYxBx3z+yfOzJPBzWNBSHv1+PIbO5Mq+z5JaAfoFZO41L7nw+FjV6JJUCVLr6Vq+bCxyA7LW4Oq9ZahSrt/vrT0kTa0tA5U9bqK6e7pB//dm7PzoROtTq0XksV8RseA/fvIje20uaN1z9dynx+UcbszXu9pQ5GIg1o7b5DEi3OZHJwpgdudiCyEeR4+00G0z4PjpEMnTSMHAJ53WxtjzrPAOBnAmPE7hPu4coU+XrCWEXAvRMloJmca68e+zFX7VvFK82KVDuQ99vQ6w4X73IESKoLzyAVxpelwHaDG4fN+zqYfqubVQU1L5cUeYKxqm5r3Us6VvMaYs1ZMUmDGXHOq4FNhGUJYxSjkLvunM6qyAAJQCd6Pw/2TV3UQVerbouGOZaeBLvRguHWSbDrO99Zu+t87w== rundeck_runner
 networking::interface_defaults:
  ensure: present
--- a/hieradata/roles/infra/automation/rundeck.eyaml
+++ b/hieradata/roles/infra/automation/rundeck.eyaml
--- a/hieradata/roles/infra/automation/rundeck.yaml
+++ b/hieradata/roles/infra/automation/rundeck.yaml
@ -3,6 +3,9 @@ hiera_include:
  - profiles::rundeck::server
  - profiles::nginx::simpleproxy
 hiera_exclude:
  - profiles::accounts::rundeck
 profiles::packages::exclude:
  - jq
--- a/site/profiles/manifests/accounts/rundeck.pp
+++ b/site/profiles/manifests/accounts/rundeck.pp
@ -0,0 +1,14 @@
 # create the rundeck user
 class profiles::accounts::rundeck (
  Array[String] $sshkeys = [],
 ){
  profiles::base::account {'rundeck':
    username => 'rundeck',
    uid      => 1100,
    gid      => 1100,
    groups   => ['adm', 'admins', 'systemd-journal'],
    sshkeys  => $sshkeys,
    require  => Group['admins'],
    system   => true,
  }
 }
--- a/site/profiles/manifests/rundeck/server.pp
+++ b/site/profiles/manifests/rundeck/server.pp
@ -86,4 +86,20 @@ class profiles::rundeck::server (
  create_resources('rundeck::config::aclpolicyfile', $acl_policies)
  create_resources('rundeck::config::project', $cli_projects)
  # create rundeck runner ssh key
  file {'/var/lib/rundeck/.ssh/rundeck_id_rsa':
    ensure  => 'file',
    owner   => 'rundeck',
    group   => 'rundeck',
    mode    => '0600',
    content => lookup('rundeck::ssh::private_key'),
  }
  file {'/var/lib/rundeck/.ssh/rundeck_id_rsa.pub':
    ensure  => 'file',
    owner   => 'rundeck',
    group   => 'rundeck',
    mode    => '0644',
    content => lookup('profiles::accounts::rundeck::sshkeys'),
  }
 }